diff options
36 files changed, 512 insertions, 196 deletions
diff --git a/system/bubblewrap/APKBUILD b/system/bubblewrap/APKBUILD index c4ae4fa31..866bdb468 100644 --- a/system/bubblewrap/APKBUILD +++ b/system/bubblewrap/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Timo Teräs <timo.teras@iki.fi> # Maintainer: Max Rees <maxcrees@me.com> pkgname=bubblewrap -pkgver=0.3.3 +pkgver=0.4.1 pkgrel=0 pkgdesc="Unprivileged sandboxing tool" url="https://github.com/projectatomic/bubblewrap" @@ -9,21 +9,23 @@ arch="all" options="!check suid" # requires suid to already be set in order to check license="LGPL-2.0+" makedepends="autoconf automake libcap-dev docbook-xsl" -checkdepends="sudo" +checkdepends="python3 sudo" subpackages="$pkgname-nosuid $pkgname-doc $pkgname-bash-completion:bashcomp:noarch" -source="bubblewrap-$pkgver.tar.gz::https://github.com/projectatomic/bubblewrap/archive/v$pkgver.tar.gz +source="bubblewrap-$pkgver.tar.gz::https://github.com/containers/bubblewrap/archive/v$pkgver.tar.gz realpath-workaround.patch - musl-fixes.patch - tests.patch" + tests.patch + " # secfixes: # 0.3.3-r0: -# - CVE-2019-12439 +# - CVE-2019-12439 +# 0.4.1-r0: +# - GHSA-j2qp-rvxj-43vj prepare() { - srcdir= NOCONFIGURE=1 ./autogen.sh default_prepare + NOCONFIGURE=1 ./autogen.sh } build() { @@ -39,14 +41,16 @@ build() { } check() { - # Uses sudo to chown root and setuid $builddir/test-bwrap + # 1. chown root and chmod u+s $builddir/test-bwrap + # 2. Run abuild check (suid test) + # 3. Unset permissions on test-bwrap + # 4. Run abuild check again (nosuid test) # - # As of 0.3.3-r0, all tests pass on ppc64 except those relating - # to bind mounts over symlinks. Those tests fail because musl's - # realpath depends on the availability of /proc, which is not - # available in the middle of the setup procedure since pivot_root - # has been performed at least once. They have been patched to be - # skipped. + # As of 0.4.1, all tests pass except those relating to bind mounts + # over symlinks. Those tests fail because musl's realpath depends on + # the availability of /proc, which is not available in the middle of + # the setup procedure since pivot_root has been performed at least + # once. They have been patched to be skipped. make check } @@ -72,7 +76,6 @@ bashcomp() { mv "$pkgdir"/usr/share/bash-completion/ "$subpkgdir"/usr/share/ } -sha512sums="b1c38fad90ddaa23a5f2dd49f9ec3f9d9af7426af321ae9f7c43dd64f11a448b3502942a42112a1c6ebf8a4dea2e1196b17c31cca9c2f119dc2e0c1674c345ae bubblewrap-0.3.3.tar.gz +sha512sums="83e036e242503e1364b2d0052bba5127175891203c57bd22ba47a1b1e934fdca64ca620cd0e48c903fa2bc7cdcf92339b8a7fcb8716b54c2e28034b6d6f86adc bubblewrap-0.4.1.tar.gz 400a0446670ebf80f16739f1a7a2878aadc3099424f957ba09ec3df780506c23a11368f0578c9e352d7ca6473fa713df826fad7a20c50338aa5f9fa9ac6b84a4 realpath-workaround.patch -f59cda3b09dd99db9ca6d97099a15bb2523e054063d677502317ae3165ba2e32105a0ae8f877afc3827bd28d093c9d9d413270f4c87d9fe5f26f3eee670d916e musl-fixes.patch d572a6296729ab192dd4f04707e0271df600d565897ce089b7f00b9ae6c62e71a087e864b4c4972e0a64aeb222a337ff4ed95560620c200cc44534db1ca79efd tests.patch" diff --git a/system/bubblewrap/musl-fixes.patch b/system/bubblewrap/musl-fixes.patch deleted file mode 100644 index ecf626331..000000000 --- a/system/bubblewrap/musl-fixes.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- a/config.h.in -+++ b/config.h.in -@@ -102,3 +102,14 @@ - - /* Define to 1 if you need to in order for `stat' and other things to work. */ - #undef _POSIX_SOURCE -+ -+/* taken from glibc unistd.h and fixes musl */ -+#ifndef TEMP_FAILURE_RETRY -+#define TEMP_FAILURE_RETRY(expression) \ -+ (__extension__ \ -+ ({ long int __result; \ -+ do __result = (long int) (expression); \ -+ while (__result == -1L && errno == EINTR); \ -+ __result; })) -+#endif -+ diff --git a/system/gettext-tiny/APKBUILD b/system/gettext-tiny/APKBUILD index ce62d5c99..a1d199ecd 100644 --- a/system/gettext-tiny/APKBUILD +++ b/system/gettext-tiny/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=gettext-tiny pkgver=0.3.1_git20191130 -pkgrel=2 +pkgrel=3 pkgdesc="An internationalisation and localisation system" url="https://github.com/sabotage-linux/gettext-tiny" arch="all" @@ -16,6 +16,7 @@ source="https://distfiles.adelielinux.org/source/$pkgname-$pkgver.tar.xz line-length.patch respect-cflags.patch stop-doing-macro-crap.patch + msgfmt-exit.patch " build() { @@ -30,4 +31,5 @@ sha512sums="a318135626a0403a30a81fa475f7e1878b8af5a87053b0e00876c73b591508f3cf1e 8efbf9c11429ab26f3c15e00c34258200598833b8f846a23e4c8d95023c2184d9dcf9cbb48d58eec1604442691af76e6f8e904ad7348016c393257aa30eae7cd keyword.patch 0a26a8481bffe2ce8c73f7f500963aea9db8379fb87849142d8efabf1656604b22f6ad345483256f14c388466f2f44e5924b9f65d88f26867a753a96d1529270 line-length.patch b4e7db4e415f6bc31f2214f2044506ad18ea0bd3cae4200d93bbd34aa493c7478a7f953d0a7e08f29f0fd5a5d7b7cbfa2bcfd5692c37e423706a1c193239bf1d respect-cflags.patch -cd4cfc8cc6ea998f1e33ef666e3b9c3de3f3253994bccc942b177773c94f785e3892cb7d5f34bec1102dc7558236c07c5eac90e15d755e12ee06836336373526 stop-doing-macro-crap.patch" +cd4cfc8cc6ea998f1e33ef666e3b9c3de3f3253994bccc942b177773c94f785e3892cb7d5f34bec1102dc7558236c07c5eac90e15d755e12ee06836336373526 stop-doing-macro-crap.patch +0037a1347f9ac2aa6f68160441b83c35ce8128ca140be93f3c508e6cd02161e49edff82034877ed11c127886337455ff4ea941b6a14168c2ca69aa82a7cff8a5 msgfmt-exit.patch" diff --git a/system/gettext-tiny/msgfmt-exit.patch b/system/gettext-tiny/msgfmt-exit.patch new file mode 100644 index 000000000..f5ff3fbb8 --- /dev/null +++ b/system/gettext-tiny/msgfmt-exit.patch @@ -0,0 +1,36 @@ +From 0e62c2588742cfffd3dc81c09ecc8488c0ce25b9 Mon Sep 17 00:00:00 2001 +From: Max Rees <maxcrees@me.com> +Date: Sun, 22 Mar 2020 20:20:15 -0500 +Subject: [PATCH] msgfmt: exit(1) if incorrectly used + +This prevents builds from continuing seemingly fine when they are +actually not using this version of msgfmt correctly. +--- + src/msgfmt.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/msgfmt.c b/src/msgfmt.c +index aa16c5e..3de9a56 100644 +--- a/src/msgfmt.c ++++ b/src/msgfmt.c +@@ -278,7 +278,7 @@ void set_file(int out, char* fn, FILE** dest) { + int main(int argc, char**argv) { + if (argc == 1) { + syntax(); +- return 0; ++ return 1; + } + + int arg = 1; +@@ -376,7 +376,7 @@ int main(int argc, char**argv) { + streq(A+1, "D") + ) { + syntax(); +- return 0; ++ return 1; + } else if (streq(A+1, "l")) { + arg++; + locale = A; +-- +2.25.1 + diff --git a/system/lvm2/APKBUILD b/system/lvm2/APKBUILD index 4bb0d5d0c..3baea9c09 100644 --- a/system/lvm2/APKBUILD +++ b/system/lvm2/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Dan Theisen <djt@hxx.in> pkgname=lvm2 pkgver=2.03.08 -pkgrel=0 +pkgrel=1 pkgdesc="Logical Volume Manager 2 utilities" url="https://sourceware.org/lvm2/" arch="all" @@ -88,7 +88,7 @@ udev() { sha512sums="411c76de2acd8d7d707b60a4aab3f846004a1fbdc7b1d3f34d21af8ed45716adc0516b11491a26261580da7396d13a506e3994b32f5d1cefdf49c97e5d62d2e3 LVM2.2.03.08.tgz -62dd89e626adc86d1f9d7c575517b4454a362868e2fd3399813b61c1cc407316156456348cd4e8148542ee26124739d6c0e72f3dddee66662a40ca86f1bc3abd fix-stdio-usage.patch +bc4473c2f48ff6cab121f92211cd1b67589a6abadd8e32ffa366fed6ddbf9c87be695aa54a6e97b5b79203bf1a7d22cdb5974da84d38b4977592ef7a061612e7 fix-stdio-usage.patch 9272ec8c5184ef5dc776ead8f74132e072b7563b5119a3a38b712f00d92a1e3878c9b3a54eb2b01dcba038110c686b39d4c17ecd0eb258537e9217d7ed03c408 mallinfo.patch d190c40a137b006d7b63298069c93ff08d2804b990e85d44739cd7c48beec9a569903b98f0d940895fc7365723ba886acd7ef0e08f1f65a1a391d1c448ce080e mlockall-default-config.patch a853078660fd2fd943538924f56e81dc5793294e26b8f61d93e6188893f15f4a438d33792b341c1865d61e03f4a371b7c7ee0db5f4130ef7cb7aeaeb9290086a lvm.initd diff --git a/system/lvm2/fix-stdio-usage.patch b/system/lvm2/fix-stdio-usage.patch index d5cc43f65..6b7ee0eaa 100644 --- a/system/lvm2/fix-stdio-usage.patch +++ b/system/lvm2/fix-stdio-usage.patch @@ -1,6 +1,6 @@ ---- ./tools/lvmcmdline.c -+++ ./tools/lvmcmdline.c -@@ -1252,7 +1252,7 @@ +--- LVM2.2.03.08/tools/lvmcmdline.c 2020-02-11 03:59:27.000000000 -0600 ++++ LVM2.2.03.08/tools/lvmcmdline.c 2020-03-22 16:17:35.470100377 -0500 +@@ -3233,7 +3233,7 @@ static int _check_standard_fds(void) int err = is_valid_fd(STDERR_FILENO); if (!is_valid_fd(STDIN_FILENO) && @@ -9,7 +9,7 @@ if (err) perror("stdin stream open"); else -@@ -1262,7 +1262,7 @@ +@@ -3243,7 +3243,7 @@ static int _check_standard_fds(void) } if (!is_valid_fd(STDOUT_FILENO) && @@ -18,7 +18,7 @@ if (err) perror("stdout stream open"); /* else no stdout */ -@@ -1270,7 +1270,7 @@ +@@ -3251,7 +3251,7 @@ static int _check_standard_fds(void) } if (!is_valid_fd(STDERR_FILENO) && @@ -27,3 +27,23 @@ printf("stderr stream open: %s\n", strerror(errno)); return 0; +--- LVM2.2.03.08/lib/commands/toolcontext.c 2020-02-11 03:59:27.000000000 -0600 ++++ LVM2.2.03.08/lib/commands/toolcontext.c 2020-03-22 16:18:35.130101016 -0500 +@@ -1599,7 +1599,7 @@ struct cmd_context *create_toolcontext(u + /* FIXME Make this configurable? */ + reset_lvm_errno(1); + +-#ifndef VALGRIND_POOL ++#if !defined(VALGRIND_POOL) && defined(__GLIBC__) + /* Set in/out stream buffering before glibc */ + if (set_buffering + #ifdef SYS_gettid +@@ -1980,7 +1980,7 @@ void destroy_toolcontext(struct cmd_cont + + if (cmd->pending_delete_mem) + dm_pool_destroy(cmd->pending_delete_mem); +-#ifndef VALGRIND_POOL ++#if !defined(VALGRIND_POOL) && defined(__GLIBC__) + if (cmd->linebuffer) { + /* Reset stream buffering to defaults */ + if (is_valid_fd(STDIN_FILENO) && diff --git a/system/openssl/APKBUILD b/system/openssl/APKBUILD index 070d3d0e2..812836bc9 100644 --- a/system/openssl/APKBUILD +++ b/system/openssl/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=openssl -pkgver=1.1.1d +pkgver=1.1.1e pkgrel=0 pkgdesc="Toolkit for SSL and TLS" url="https://www.openssl.org/" @@ -12,7 +12,7 @@ makedepends_build="perl" subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc libcrypto1.1:libcrypto libssl1.1:libssl" source="https://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz - CVE-2019-1551.patch + ppc-auxv.patch ppc64.patch " @@ -127,6 +127,6 @@ libssl() { done } -sha512sums="2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7 openssl-1.1.1d.tar.gz -11ca61515a89766241fe0fae27f3b39767128915f288ea88840bf93e8b50ac416024cb2153efcdf2658d3e82a8e4250a0c069333dbd7347475f9dafcc45370b5 CVE-2019-1551.patch -66bbb0ae769643c8a0b1501d9c8466f08f0d8b3b2bc4fcc2c0c054ab1971ced85c07aa0e4b8168a4394d0ae407dfbd26066a7a068602ce5b58e459b12ce6d36a ppc64.patch" +sha512sums="dbc2124f6ce9f1927e2f5e03101ed565d4e52ef09d620200f5cd9372c88c65dd7d74b24b31a8bf404713a5adfab80e0c3b25bf538c52702c4c3af1d80aef16c2 openssl-1.1.1e.tar.gz +c164dd528d7408b8b2a52a0b181f2066ff00feb635df863bdeb4ce879db9ecdf7dd9033bb14b63ee5239aa814d5d777a86bb99cc37ecedae2d77a6bd86144b88 ppc-auxv.patch +e040f23770d52b988578f7ff84d77563340f37c026db7643db8e4ef18e795e27d10cb42cb8656da4d9c57a28283a2828729d70f940edc950c3422a54fea55509 ppc64.patch" diff --git a/system/openssl/ppc-auxv.patch b/system/openssl/ppc-auxv.patch new file mode 100644 index 000000000..e19d8df1f --- /dev/null +++ b/system/openssl/ppc-auxv.patch @@ -0,0 +1,17 @@ +--- openssl-1.1.1e/crypto/ppccap.c.old 2020-03-17 14:31:17.000000000 +0000 ++++ openssl-1.1.1e/crypto/ppccap.c 2020-03-30 06:32:25.943988524 +0000 +@@ -207,11 +207,9 @@ + return 0; + } + +-#if defined(__GLIBC__) && defined(__GLIBC_PREREQ) +-# if __GLIBC_PREREQ(2, 16) +-# include <sys/auxv.h> +-# define OSSL_IMPLEMENT_GETAUXVAL +-# endif ++#if defined(__linux__) ++# include <sys/auxv.h> ++# define OSSL_IMPLEMENT_GETAUXVAL + #endif + + /* I wish <sys/auxv.h> was universally available */ diff --git a/system/openssl/ppc64.patch b/system/openssl/ppc64.patch index 5f79c4ddc..c75ceedba 100644 --- a/system/openssl/ppc64.patch +++ b/system/openssl/ppc64.patch @@ -78,7 +78,7 @@ diff --git a/Configure b/Configure index 22082deb4c7..e303d98deb3 100755 --- a/Configure +++ b/Configure -@@ -1411,8 +1410,15 @@ +@@ -1402,8 +1402,15 @@ my %predefined_C = compiler_predefined($config{CROSS_COMPILE}.$config{CC}); my %predefined_CXX = $config{CXX} ? compiler_predefined($config{CROSS_COMPILE}.$config{CXX}) diff --git a/system/ruby/APKBUILD b/system/ruby/APKBUILD index 537c1010a..0cb185852 100644 --- a/system/ruby/APKBUILD +++ b/system/ruby/APKBUILD @@ -38,11 +38,13 @@ # - CVE-2019-16201 # - CVE-2019-16254 # - CVE-2019-16255 +# 2.5.7-r1: +# - CVE-2020-8130 # pkgname=ruby pkgver=2.5.7 _abiver="${pkgver%.*}.0" -pkgrel=0 +pkgrel=1 pkgdesc="An object-oriented language for quick and easy programming" url="https://www.ruby-lang.org/" arch="all" @@ -76,6 +78,7 @@ source="https://cache.ruby-lang.org/pub/ruby/${pkgver%.*}/$pkgname-$pkgver.tar.x test_insns-lower-recursion-depth.patch fix-get_main_stack.patch libedit-compat.patch + CVE-2020-8130.patch " replaces="ruby-etc ruby-gems" @@ -318,4 +321,5 @@ sha512sums="63b7c75fab44cd1bd22f22ddec00c740cf379ac7240da0dfafcec54347766695faef 20e7e5ee9936a93872fe1ad836dd1fde001fe4a0e7ed54c26727ad83da3ceb0e6247681d9dd4f98a69e1b0250703ed8fc682d44075780d5f47faa1d5f58d2bdb rubygems-avoid-platform-specific-gems.patch 814fe6359505b70d8ff680adf22f20a74b4dbd3fecc9a63a6c2456ee9824257815929917b6df5394ed069a6869511b8c6dce5b95b4acbbb7867c1f3a975a0150 test_insns-lower-recursion-depth.patch e99b36940fa8fdd445d82738c70b8fc042cab042a4662cab156578aad2dac9673a96da22b6676aa36beac08070e92a7798c60d6f36eeb169216c4c51864ce2fe fix-get_main_stack.patch -6b88fccce164db1d8beb16adeffdd7effd077e9842b7f61deddebeb39afcf9b839192b68a43ce66a1ff0c9aeaacc4f13a0ee56184c22e822cd8b10a07a1c87b2 libedit-compat.patch" +6b88fccce164db1d8beb16adeffdd7effd077e9842b7f61deddebeb39afcf9b839192b68a43ce66a1ff0c9aeaacc4f13a0ee56184c22e822cd8b10a07a1c87b2 libedit-compat.patch +50b3a2aca1c0d7a7b557e030fbf57049512730cd6516cb6b26624855c25a20e84eef7f84ec9eafb94200de067ec67790e5fe0902e69681ac4de9195240b318dc CVE-2020-8130.patch" diff --git a/system/ruby/CVE-2020-8130.patch b/system/ruby/CVE-2020-8130.patch new file mode 100644 index 000000000..3cb6e4adf --- /dev/null +++ b/system/ruby/CVE-2020-8130.patch @@ -0,0 +1,18 @@ +Note: adjusted paths since it's being vendored inside ruby. + +From 5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee Mon Sep 17 00:00:00 2001 +From: Hiroshi SHIBATA <hsbt@ruby-lang.org> +Date: Mon, 22 Jul 2019 10:23:43 +0900 +Subject: [PATCH] Use File.open explicitly. + +--- ruby-2.5.7/gems/rake-12.3.0/lib/rake/file_list.rb ++++ ruby-2.5.7/gems/rake-12.3.0/lib/rake/file_list.rb +@@ -294,7 +294,7 @@ def egrep(pattern, *options) + matched = 0 + each do |fn| + begin +- open(fn, "r", *options) do |inf| ++ File.open(fn, "r", *options) do |inf| + count = 0 + inf.each do |line| + count += 1 diff --git a/user/apache-httpd/APKBUILD b/user/apache-httpd/APKBUILD index 6488ffa9f..48fcaf26d 100644 --- a/user/apache-httpd/APKBUILD +++ b/user/apache-httpd/APKBUILD @@ -2,8 +2,8 @@ # Maintainer: Kiyoshi Aman <adelie@aerdan.vulpine.house> pkgname=apache-httpd _pkgreal=httpd -pkgver=2.4.41 -pkgrel=1 +pkgver=2.4.43 +pkgrel=0 pkgdesc="Open-source HTTP server" url="https://httpd.apache.org" arch="all" @@ -37,6 +37,9 @@ builddir="$srcdir/$_pkgreal-$pkgver" options="suid !check" # secfixes: http_server +# 2.4.43-r0: +# - CVE-2020-1934 +# - CVE-2020-1927 # 2.4.34-r0: # - CVE-2017-15710 # - CVE-2017-15715 @@ -143,7 +146,7 @@ ldap() { "$subpkgdir"/usr/libexec/apache2 } -sha512sums="02807a576ea29bd93e648c68e3ad853d5e4971177a0881d6a4873e9c4c5afd6d56877454b666429e70732488a258e0333a0f354d9dbbfd89fc3b38f12f0a0dce httpd-2.4.41.tar.gz +sha512sums="d9879b8f8ef7d94dee1024e9c25b56d963a3b072520878a88a044629ad577c109a5456791b39016bf4f6672c04bf4a0e5cfd32381211e9acdc81d4a50b359e5e httpd-2.4.43.tar.gz c8bc2bb06ae51b0956e0ee673e80c444551c9b33dfcbb845106477c46d9e52786a8896022e1f00102264fecdf66e35e47fc6cf0abe9836fa536735cff4e6adf4 adelie.layout 336e81fa0d08f8fbe6243d52bd59b12cf2e925deb49b29d7a22953c5d40a951b6b753f51e5a396752cb0bbaf1cf25b1358902f375fb65639d00e62db7ae55ff2 apache-httpd.confd 5762d53f39ce7ecd730e05ddf6c063ede65cd75b9e7d67217784c80366646491ef9474306e8eb119c8fb5b4358407b07636a4e9cd82325d8df4e3e00dabc3459 apache-httpd.initd diff --git a/user/cbindgen/APKBUILD b/user/cbindgen/APKBUILD index 2a735e5ce..8d0a30b7e 100644 --- a/user/cbindgen/APKBUILD +++ b/user/cbindgen/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Leo <thinkabit.ukim@gmail.com> # Contributor: Gentoo Rust Maintainers <rust@gentoo.org> # Contributor: Samuel Holland <samuel@sholland.org> -# Maintainer: Molly Miller <adelie@m-squa.red> +# Maintainer: Molly Miller <sysvinit@adelielinux.org> pkgname=cbindgen -pkgver=0.12.1 +pkgver=0.13.2 pkgrel=0 pkgdesc="Tool to generate C bindings from Rust code" url="https://github.com/eqrion/cbindgen" @@ -102,7 +102,7 @@ package() { } -sha512sums="851f82cfdd4304dc57dab1a145f78a05a6c5f05ad607d27e0ae909920a5d99013ffb7f7e87950541bda98462f73f0c338d9761b94a96c3073f39163c2ddacf08 cbindgen-0.12.1.tar.gz +sha512sums="2e894c6cf2b08321418ef78228fbebb5f504aea1576b8e159b4d8d66442cb65cee4f611f0ce13fa58539c08fe21932358fcfead52acbe5413adc9fdba05faf66 cbindgen-0.13.2.tar.gz a637466a380748f939b3af090b8c0333f35581925bc03f4dda9b3f95d338836403cf5487ae3af9ff68f8245a837f8ab061aabe57a126a6a2c20f2e972c77d1fa ansi_term-0.11.0.tar.gz 4554ca7dedb4c2e8693e5847ef1fe66161ed4cb2c19156bb03f41ce7e7ea21838369dabaf447a60d1468de8bfbb7087438c12934c4569dde63df074f168569ad atty-0.2.13.tar.gz ad89b3798845e23737a620bba581c2ff1ff3e15bac12555c765e201d2c0b90ecea0cdbc5b5b1a3fa9858c385e8e041f8226f5acfae5bbbe9925643fff2bf3f0b bitflags-1.2.1.tar.gz diff --git a/user/checkbashisms/APKBUILD b/user/checkbashisms/APKBUILD index 26345d0ac..b616e4fab 100644 --- a/user/checkbashisms/APKBUILD +++ b/user/checkbashisms/APKBUILD @@ -1,10 +1,10 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Max Rees <maxcrees@me.com> pkgname=checkbashisms -pkgver=2.19.7 +pkgver=2.20.2 pkgrel=0 pkgdesc="Check shell scripts for POSIX compliance" -url="https://tracker.debian.org/pkg/devscripts" +url="https://salsa.debian.org/debian/devscripts" arch="noarch" license="GPL-2.0+" depends="perl" @@ -37,4 +37,4 @@ bashcomp() { "$subpkgdir/usr/share/bash-completion/completions/$pkgname" } -sha512sums="6e31862bc8f0d43678341f40ec527d76cdccc2e6e50c231eb7c6a1eb442f48b6c62e94126644224e9fdbef583be3166e2c7cc65ea15de4a7c20605089b708eb7 devscripts_2.19.7.tar.xz" +sha512sums="d9147604a718582a19c036a040c62612427163146048dbf9e3665545072e8132d08f51dccfd3f0a01453c0405a0326dad8f83afd10270eec5c69fa0612cb8510 devscripts_2.20.2.tar.xz" diff --git a/user/fuse3/APKBUILD b/user/fuse3/APKBUILD index 821be29db..14cafec71 100644 --- a/user/fuse3/APKBUILD +++ b/user/fuse3/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Max Rees <maxcrees@me.com> pkgname=fuse3 _pkgname=fuse -pkgver=3.9.0 +pkgver=3.9.1 pkgrel=0 pkgdesc="The reference implementation of the Linux FUSE (Filesystem in Userspace) interface" url="https://github.com/libfuse/libfuse" @@ -26,18 +26,26 @@ builddir="$srcdir/$_pkgname-$pkgver" # - CVE-2018-10906 build() { + # The examples are required for the tests to work, and aren't + # otherwise installed + meson \ --prefix=/usr \ --sysconfdir=/etc \ --mandir=/usr/share/man \ --localstatedir=/var \ --buildtype=release \ - -Dexamples=false \ + -Dexamples=true \ . output ninja -C output } check() { + # Recommended procedure: + # 1. modprobe fuse + # 2. chown root and chmod u+s $builddir/output/util/fusermount3 + # 3. abuild check + cd "$builddir"/output python3 -m pytest test/ } @@ -72,6 +80,6 @@ openrc() { install_if="openrc fuse-common=$pkgver-r$pkgrel" } -sha512sums="0c96df5db4d0ceb7885ddb6f6c05b523ee7e179f8f411ad0614caecb9fa0f5fd682ab9bf4dfdaa3aff9d90c18b8947a122ee376328535e49fa6091d784aa0cb7 fuse-3.9.0.tar.xz +sha512sums="295bb62274264789c977a1fee78c6c122a2f227ae85d750b8519cafbdcf6551499b77cf021d83cc8261831e29761c166d84a4e50bdebb4191c76bcad1d15d329 fuse-3.9.1.tar.xz 1a9e1d1e8a7b0778ffde328e4322c73b5d57ec98d52767c846d755cce861ab27989823a75b6c5f994432ddb77fa351dfa4a8f948c9467c5f7d5f471e4608358b fix-realpath.patch 7f6a503ef23cfa8b809c544375c2d83ad56525269b48ad1a7dff0ce36f4bf2f2a3fafed9dc70a71ff6281b261db5f01829e16c06f041921a5d8c8d715a04a8c1 fuse.initd" diff --git a/user/libnftnl/APKBUILD b/user/libnftnl/APKBUILD index b634ff0c2..2456f0522 100644 --- a/user/libnftnl/APKBUILD +++ b/user/libnftnl/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> # Contributor: Luis Ressel <aranea@aixah.de> -# Maintainer: +# Maintainer: Molly Miller <sysvinit@adelielinux.org> pkgname=libnftnl -pkgver=1.1.5 +pkgver=1.1.6 pkgrel=0 pkgdesc="Netfilter library providing interface to the nf_tables subsystem" url="https://netfilter.org/projects/libnftnl" @@ -12,7 +12,6 @@ depends="" makedepends="libmnl-dev" subpackages="$pkgname-dev" source="https://netfilter.org/projects/libnftnl/files/$pkgname-$pkgver.tar.bz2 - nft-flowtable-test.patch " build() { @@ -34,5 +33,5 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="a0495e1a99ea9efcf3994db48e50943023ff3d8101055887574ff4eb6b0df8600cf7db68a9c91ca02bbbcc1f01099b008649f88321bb956897bcc90eb4167ee7 libnftnl-1.1.5.tar.bz2 -0978037a5dec71a96f5713dbc5a4dc8dc30b7b37d79ec7dd6ec8b201740303785c3625c21a2388f8fd5d9d446f8706ac14d0bf5909a48ed3ef3e7417173dd2c8 nft-flowtable-test.patch" +sha512sums="3de13cb667060f0942c8dd9e139ee8c7aff1854c544793774a827c01d06e432a4ce05d54846e1062aa620b5e54533da09daa9588467866c82c9119ef4cfbb57d libnftnl-1.1.6.tar.bz2 +" diff --git a/user/libnftnl/nft-flowtable-test.patch b/user/libnftnl/nft-flowtable-test.patch deleted file mode 100644 index 719c1f2cf..000000000 --- a/user/libnftnl/nft-flowtable-test.patch +++ /dev/null @@ -1,37 +0,0 @@ -From b2388765e0c4405442faa13845419f6a35d0134c Mon Sep 17 00:00:00 2001 -From: Phil Sutter <phil@nwl.cc> -Date: Mon, 2 Dec 2019 18:29:56 +0100 -Subject: tests: flowtable: Don't check NFTNL_FLOWTABLE_SIZE - -Marshalling code around that attribute has been dropped by commit -d1c4b98c733a5 ("flowtable: remove NFTA_FLOWTABLE_SIZE") so it's value is -lost during the test. - -Assuming that NFTNL_FLOWTABLE_SIZE will receive kernel support at a -later point, leave the test code in place but just comment it out. - -Fixes: d1c4b98c733a5 ("flowtable: remove NFTA_FLOWTABLE_SIZE") -Signed-off-by: Phil Sutter <phil@nwl.cc> -Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - tests/nft-flowtable-test.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/tests/nft-flowtable-test.c b/tests/nft-flowtable-test.c -index 3edb00d..8ab8d4c 100644 ---- a/tests/nft-flowtable-test.c -+++ b/tests/nft-flowtable-test.c -@@ -33,9 +33,11 @@ static void cmp_nftnl_flowtable(struct nftnl_flowtable *a, struct nftnl_flowtabl - if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_USE) != - nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_USE)) - print_err("Flowtable use mismatches"); -+#if 0 - if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_SIZE) != - nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_SIZE)) - print_err("Flowtable size mismatches"); -+#endif - if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_FLAGS) != - nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_FLAGS)) - print_err("Flowtable flags mismatches"); --- -2.24.1 diff --git a/user/libslirp/APKBUILD b/user/libslirp/APKBUILD new file mode 100644 index 000000000..07d7eea31 --- /dev/null +++ b/user/libslirp/APKBUILD @@ -0,0 +1,34 @@ +# Maintainer: Max Rees <maxcrees@me.com> +pkgname=libslirp +pkgver=4.2.0 +pkgrel=0 +pkgdesc="A general-purpose TCP/IP emulator" +url="https://gitlab.freedesktop.org/slirp/libslirp" +arch="all" +options="!check" # No test suite. +license="BSD-3-Clause AND MIT" +depends="" +makedepends="glib-dev meson" +subpackages="$pkgname-dev" +source="https://gitlab.freedesktop.org/slirp/libslirp/-/archive/v$pkgver/libslirp-v$pkgver.tar.gz + static.patch + " +builddir="$srcdir/libslirp-v$pkgver" + +build() { + meson \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --localstatedir=/var \ + --buildtype=release \ + . output + ninja -C output +} + +package() { + DESTDIR="$pkgdir" ninja -C output install +} + +sha512sums="514744ac8325857915b9946a76f4a55d48c8361b6167cd69c533086928ae06f059d923c5f057e92a0915921bb363b69d34a939a0bcc28233515125a5d1858d25 libslirp-v4.2.0.tar.gz +bb1bb5443d8083099d2a270b78b7ec74daa26634b2062d2c30460ed118b333942a9a555c96910216bb746311ae021d457f39a304a60fe07a3908a0c315a7c756 static.patch" diff --git a/user/libslirp/static.patch b/user/libslirp/static.patch new file mode 100644 index 000000000..46451a168 --- /dev/null +++ b/user/libslirp/static.patch @@ -0,0 +1,14 @@ +library = shared +both_libraries = shared and static (needed by qemu) + +--- libslirp-v4.2.0/meson.build 2020-03-17 10:07:35.000000000 +0000 ++++ libslirp-v4.2.0/meson.build 2020-03-24 20:41:57.030331048 +0000 +@@ -100,7 +100,7 @@ configure_file( + configuration : conf + ) + +-lib = library('slirp', sources, ++lib = both_libraries('slirp', sources, + version : lt_version, + c_args : cargs, + link_args : vflag, diff --git a/user/libzip/APKBUILD b/user/libzip/APKBUILD index 379075ae7..62a55bfba 100644 --- a/user/libzip/APKBUILD +++ b/user/libzip/APKBUILD @@ -3,7 +3,7 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: Max Rees <maxcrees@me.com> pkgname=libzip -pkgver=1.5.2 +pkgver=1.6.1 pkgrel=0 pkgdesc="C library for manipulating ZIP archives" url="https://libzip.org/" @@ -11,7 +11,7 @@ arch="all" license="BSD-3-Clause" depends="" depends_dev="zlib-dev" -makedepends="$depends_dev cmake openssl-dev perl" +makedepends="$depends_dev cmake groff openssl-dev perl" subpackages="$pkgname-dev $pkgname-doc $pkgname-tools" source="https://libzip.org/download/$pkgname-$pkgver.tar.xz" @@ -44,4 +44,4 @@ tools() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr } -sha512sums="1e6d48ddbac4d270f70b314f6ada3c93a3196a8cc3b8d17c6cf5ea8409ff29f36ac351206675f9d81351fcf633b0c15d7b0b5530c30c4140e4fe55e64c602643 libzip-1.5.2.tar.xz" +sha512sums="dcf3790933c95f66bdcbdb276497b36e57776103b0b1064a94479e84eaa0a09df8dd91509cb4ccab3a6724f0650f076ca1e332d73acc94b653e99a3e94a64574 libzip-1.6.1.tar.xz" diff --git a/user/nftables/APKBUILD b/user/nftables/APKBUILD index 41e356d37..bc96a18f1 100644 --- a/user/nftables/APKBUILD +++ b/user/nftables/APKBUILD @@ -2,9 +2,9 @@ # Contributor: Jakub Jirutka <jakub@jirutka.cz> # Contributor: Francesco Colista <fcolista@alpinelinux.org> # Contributor: Luis Ressel <aranea@aixah.de> -# Maintainer: +# Maintainer: Molly Miller <sysvinit@adelielinux.org> pkgname=nftables -pkgver=0.9.3 +pkgver=0.9.4 pkgrel=0 pkgdesc="Netfilter tables userspace tools" url="https://netfilter.org/projects/nftables" @@ -47,7 +47,7 @@ package() { install -Dm644 "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname } -sha512sums="d264f6fc75c95510e29fe7d5b82ae418d502f40437b098ba6117ffb1374d9989d70a7296e2e58c5fb25142145a987bb9c160902637899f892589809f9541db43 nftables-0.9.3.tar.bz2 +sha512sums="cef5b5f26f3a2893a3eb1323f1f0ecfd6e2865e0eb040e9b7da5824e5be2274b888e661abe96e828add9e951f47303e30cb7c9238d267a031c0f99b5f3b6e2c0 nftables-0.9.4.tar.bz2 f7b18945f0ab8be2a8725fa902cb2499de0a886076ae4cc337ebd845b3ae08f05a75b1680b428075d42558e7953014a227405e748741e6ebc3a7ac84bbf4beaa asciidoctor.patch 4eb1adf003dfcaad65c91af6ca88d91b7904c471aefae67e7d3c2f8e053e1ac196d3437a45d1fed5a855b876a0f1fc58a724e381d2acf1164d9120cadee73eef nftables.confd 58daafb012b7cd0248a7db6e10f6a667e683347aaea7eaa78cb88780272f334e00913cea3fd39a22a4a72acc27fabd101944b40916f4b534ddeb509bd0232017 nftables.initd" diff --git a/user/pixman/APKBUILD b/user/pixman/APKBUILD index d36f5a1ee..50ff4f981 100644 --- a/user/pixman/APKBUILD +++ b/user/pixman/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=pixman pkgver=0.38.4 -pkgrel=0 +pkgrel=1 pkgdesc="Low-level pixel manipulation library" url="https://www.X.Org/" arch="all" @@ -14,11 +14,13 @@ source="https://www.X.Org/releases/individual/lib/$pkgname-$pkgver.tar.bz2 " build() { + # Static is needed by qemu + ./configure \ --build=$CBUILD \ --host=$CHOST \ --prefix=/usr \ - --disable-static \ + --enable-static \ --disable-openmp \ --disable-arm-iwmmxt make diff --git a/user/qemu/APKBUILD b/user/qemu/APKBUILD index e64bb2510..579eed14f 100644 --- a/user/qemu/APKBUILD +++ b/user/qemu/APKBUILD @@ -2,10 +2,11 @@ # Contributor: Valery Kartel <valery.kartel@gmail.com> # Contributor: Jakub Jirutka <jakub@jirutka.cz> # Contributor: Natanael Copa <ncopa@alpinelinux.org> +# Contributor: Max Rees <maxcrees@me.com> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=qemu -pkgver=3.0.0 -pkgrel=5 +pkgver=4.2.0 +pkgrel=0 pkgdesc="Machine emulator and virtualisation software" url="https://www.qemu.org/" arch="all" @@ -27,13 +28,14 @@ makedepends=" libjpeg-turbo-dev libnfs-dev libpng-dev - libssh2-dev + libslirp-dev libusb-dev libx11-dev libxml2-dev linux-headers lzo-dev ncurses-dev + py3-sphinx python3 snappy-dev spice-dev @@ -109,7 +111,6 @@ _system_subsystems=" system-or1k system-ppc system-ppc64 - system-ppcemb system-riscv32 system-riscv64 system-s390x @@ -151,13 +152,14 @@ source="https://download.qemu.org/$pkgname-$pkgver.tar.xz ncurses.patch ignore-signals-33-and-64-to-allow-golang-emulation.patch 0001-linux-user-fix-build-with-musl-on-ppc64le.patch - fix-sockios-header.patch test-crypto-ivgen-skip-essiv.patch ppc32-musl-support.patch signal-fixes.patch sysinfo-header.patch fix-lm32-underlinking.patch time64.patch + MAP_SYNC-fix.patch + CVE-2020-1711.patch $pkgname-guest-agent.confd $pkgname-guest-agent.initd @@ -168,31 +170,66 @@ builddir="$srcdir/$pkgname-$pkgver" # secfixes: # 2.8.1-r1: -# - CVE-2016-7994 -# - CVE-2016-7995 -# - CVE-2016-8576 -# - CVE-2016-8577 -# - CVE-2016-8578 -# - CVE-2016-8668 -# - CVE-2016-8909 -# - CVE-2016-8910 -# - CVE-2016-9101 -# - CVE-2016-9102 -# - CVE-2016-9103 -# - CVE-2016-9104 -# - CVE-2016-9105 -# - CVE-2016-9106 -# - CVE-2017-2615 -# - CVE-2017-2620 -# - CVE-2017-5525 -# - CVE-2017-5552 -# - CVE-2017-5578 -# - CVE-2017-5579 -# - CVE-2017-5667 -# - CVE-2017-5856 -# - CVE-2017-5857 -# - CVE-2017-5898 -# - CVE-2017-5931 +# - CVE-2016-7994 +# - CVE-2016-7995 +# - CVE-2016-8576 +# - CVE-2016-8577 +# - CVE-2016-8578 +# - CVE-2016-8668 +# - CVE-2016-8909 +# - CVE-2016-8910 +# - CVE-2016-9101 +# - CVE-2016-9102 +# - CVE-2016-9103 +# - CVE-2016-9104 +# - CVE-2016-9105 +# - CVE-2016-9106 +# - CVE-2017-2615 +# - CVE-2017-2620 +# - CVE-2017-5525 +# - CVE-2017-5552 +# - CVE-2017-5578 +# - CVE-2017-5579 +# - CVE-2017-5667 +# - CVE-2017-5856 +# - CVE-2017-5857 +# - CVE-2017-5898 +# - CVE-2017-5931 +# 4.2.0-r0: +# - CVE-2018-10839 +# - CVE-2018-16847 +# - CVE-2018-16867 +# - CVE-2018-16872 +# - CVE-2018-17958 +# - CVE-2018-17962 +# - CVE-2018-17963 +# - CVE-2018-18849 +# - CVE-2018-18954 +# - CVE-2018-19364 +# - CVE-2018-19489 +# - CVE-2018-20123 +# - CVE-2018-20124 +# - CVE-2018-20125 +# - CVE-2018-20126 +# - CVE-2018-20191 +# - CVE-2018-20216 +# - CVE-2018-20815 +# - CVE-2019-3812 +# - CVE-2019-5008 +# - CVE-2019-6501 +# - CVE-2019-6778 +# - CVE-2019-8934 +# - CVE-2019-9824 +# - CVE-2019-12068 +# - CVE-2019-12155 +# - CVE-2019-13164 +# - CVE-2019-14378 +# - CVE-2019-15034 +# - CVE-2019-15890 +# - CVE-2019-20382 +# - CVE-2020-1711 +# - CVE-2020-7039 +# - CVE-2020-8608 prepare() { default_prepare # apply patches @@ -218,6 +255,7 @@ _compile_common() { --disable-gcrypt \ --cc="${CC:-gcc}" \ --python="/usr/bin/python3" \ + --enable-slirp=system \ "$@" make ARFLAGS="rc" } @@ -233,7 +271,6 @@ _compile_system() { --enable-cap-ng \ --enable-linux-aio \ --enable-usb-redir \ - --enable-libssh2 \ --enable-vhost-net \ --enable-snappy \ --enable-tpm \ @@ -248,16 +285,19 @@ _compile_system() { build() { local systems + mkdir -p "$builddir"/build \ "$builddir"/build-user \ "$builddir"/build-gtk + msg "Building -user..." cd "$builddir"/build-user _compile_common \ --enable-linux-user \ --disable-system \ --static + msg "Building -system..." cd "$builddir"/build _compile_system \ --enable-vnc \ @@ -268,10 +308,10 @@ build() { --disable-gtk if [ -n "$_arch" ]; then + msg "Building -gtk..." cd "$builddir"/build-gtk _compile_system \ --enable-gtk \ - --with-gtkabi=3.0 \ --disable-vnc \ --disable-spice \ --disable-guest-agent \ @@ -287,9 +327,11 @@ check() { } package() { + msg "Installing -user..." cd "$builddir"/build-user make DESTDIR="$pkgdir" install + msg "Installing -system..." cd "$builddir"/build make DESTDIR="$pkgdir" install @@ -395,7 +437,7 @@ guest() { "$subpkgdir"/etc/conf.d/$pkgname-guest-agent } -sha512sums="a764302f50b9aca4134bbbc1f361b98e71240cdc7b25600dfe733bf4cf17bd86000bd28357697b08f3b656899dceb9e459350b8d55557817444ed5d7fa380a5a qemu-3.0.0.tar.xz +sha512sums="2a79973c2b07c53e8c57a808ea8add7b6b2cbca96488ed5d4b669ead8c9318907dec2b6109f180fc8ca8f04c0f73a56e82b3a527b5626b799d7e849f2474ec56 qemu-4.2.0.tar.xz 405008589cad1c8b609eca004d520bf944366e8525f85a19fc6e283c95b84b6c2429822ba064675823ab69f1406a57377266a65021623d1cd581e7db000134fd 0001-elfload-load-PIE-executables-to-right-address.patch 1ac043312864309e19f839a699ab2485bca51bbf3d5fdb39f1a87b87e3cbdd8cbda1a56e6b5c9ffccd65a8ac2f600da9ceb8713f4dbba26f245bc52bcd8a1c56 0001-linux-user-fix-build-with-musl-on-aarch64.patch 224f5b44da749921e8a821359478c5238d8b6e24a9c0b4c5738c34e82f3062ec4639d495b8b5883d304af4a0d567e38aa6623aac1aa3a7164a5757c036528ac0 musl-F_SHLCK-and-F_EXLCK.patch @@ -404,13 +446,14 @@ sha512sums="a764302f50b9aca4134bbbc1f361b98e71240cdc7b25600dfe733bf4cf17bd86000b b6ed02aaf95a9bb30a5f107d35371207967edca058f3ca11348b0b629ea7a9c4baa618db68a3df72199eea6d86d14ced74a5a229d17604cc3f0adedcfeae7a73 ncurses.patch fd178f2913639a0c33199b3880cb17536961f2b3ff171c12b27f4be6bca032d6b88fd16302d09c692bb34883346babef5c44407a6804b20a39a465bb2bc85136 ignore-signals-33-and-64-to-allow-golang-emulation.patch d8933df9484158c2b4888254e62117d78f8ed7c18527b249419f39c2b2ab1afa148010884b40661f8965f1ef3105580fceffdfddbb2c9221dc1c62066722ba65 0001-linux-user-fix-build-with-musl-on-ppc64le.patch -39590476a4ebd7c1e79a4f0451b24c75b1817a2a83abaa1f71bb60b225d772152f0af8f3e51ff65645e378c536ffa6ff551dade52884d03a14b7c6a19c5c97d4 fix-sockios-header.patch 8b8db136f78bd26b5da171effa9e11016ec2bc3e2fc8107228b5543b47aa370978ed883794aa4f917f334e284a5b49e82070e1da2d31d49301195b6713a48eff test-crypto-ivgen-skip-essiv.patch fb0130fa4e8771b23ae337ea3e5e29fd5f7dcfe7f9f7a68968f5b059bb4dd1336b0d04c118840d55885bc784a96a99b28aeacbc6a5549b2e6750c9d3099a897c ppc32-musl-support.patch c6436b1cc986788baccd5fe0f9d23c7db9026f6b723260611cf894bd94ee830140a17ee5859efe0dad0ca3bfe9caae1269bc5c9ab4c6e696f35c7857c1b5c86b signal-fixes.patch 698f6b134f4ca87f4de62caf7a656841a40a451b8686ca95928f67a296e58a7493d432d9baa5f6360917865aa4929600baf1699993b0600923a066ca9d45d1da sysinfo-header.patch 2828cc612539aa93b5789de7de6d4f85d3cf82311484c0fe91fdd3efeb972057e2baa2a3809ed633d6caa1785642d49196cb282b095d7553c510c47ce7d6a702 fix-lm32-underlinking.patch 87f659800b78b31731ea1828a27a3762662ef124d10e942f6029b332d5e8cf4487f62a3d742ad59709c2eb9e3ae8af36fa849d6cbac89978a282d29786b9b41a time64.patch +d7de79ea74e36702cac4a59e472564a55f0a663be7e63c3755e32b4b5dfbc04b390ee79f09f43f6ae706ee2aec9e005eade3c0fd4a202db60d11f436874a17d7 MAP_SYNC-fix.patch +0ea3745c45507c00c3c036241992d594b5f7e9aa1f0fa9b425dd222390066e1ea2d0aa4923bde0e7f27b7cc2f759a122ae4b600c2fa682a5aad509e7d03ccad9 CVE-2020-1711.patch d90c034cae3f9097466854ed1a9f32ab4b02089fcdf7320e8f4da13b2b1ff65067233f48809911485e4431d7ec1a22448b934121bc9522a2dc489009e87e2b1f qemu-guest-agent.confd 1cd24c2444c5935a763c501af2b0da31635aad9cf62e55416d6477fcec153cddbe7de205d99616def11b085e0dd366ba22463d2270f831d884edbc307c7864a6 qemu-guest-agent.initd 9b7a89b20fcf737832cb7b4d5dc7d8301dd88169cbe5339eda69fbb51c2e537d8cb9ec7cf37600899e734209e63410d50d0821bce97e401421db39c294d97be2 80-kvm.rules diff --git a/user/qemu/CVE-2020-1711.patch b/user/qemu/CVE-2020-1711.patch new file mode 100644 index 000000000..c57b5c984 --- /dev/null +++ b/user/qemu/CVE-2020-1711.patch @@ -0,0 +1,61 @@ +From 693fd2acdf14dd86c0bf852610f1c2cca80a74dc Mon Sep 17 00:00:00 2001 +From: Felipe Franciosi <felipe@nutanix.com> +Date: Thu, 23 Jan 2020 12:44:59 +0000 +Subject: [PATCH] iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) + +When querying an iSCSI server for the provisioning status of blocks (via +GET LBA STATUS), Qemu only validates that the response descriptor zero's +LBA matches the one requested. Given the SCSI spec allows servers to +respond with the status of blocks beyond the end of the LUN, Qemu may +have its heap corrupted by clearing/setting too many bits at the end of +its allocmap for the LUN. + +A malicious guest in control of the iSCSI server could carefully program +Qemu's heap (by selectively setting the bitmap) and then smash it. + +This limits the number of bits that iscsi_co_block_status() will try to +update in the allocmap so it can't overflow the bitmap. + +Fixes: CVE-2020-1711 +Cc: qemu-stable@nongnu.org +Signed-off-by: Felipe Franciosi <felipe@nutanix.com> +Signed-off-by: Peter Turschmid <peter.turschm@nutanix.com> +Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com> +Signed-off-by: Kevin Wolf <kwolf@redhat.com> +--- + block/iscsi.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/block/iscsi.c b/block/iscsi.c +index 2aea7e3f13..cbd57294ab 100644 +--- a/block/iscsi.c ++++ b/block/iscsi.c +@@ -701,7 +701,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs, + struct scsi_get_lba_status *lbas = NULL; + struct scsi_lba_status_descriptor *lbasd = NULL; + struct IscsiTask iTask; +- uint64_t lba; ++ uint64_t lba, max_bytes; + int ret; + + iscsi_co_init_iscsitask(iscsilun, &iTask); +@@ -721,6 +721,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs, + } + + lba = offset / iscsilun->block_size; ++ max_bytes = (iscsilun->num_blocks - lba) * iscsilun->block_size; + + qemu_mutex_lock(&iscsilun->mutex); + retry: +@@ -764,7 +765,7 @@ retry: + goto out_unlock; + } + +- *pnum = (int64_t) lbasd->num_blocks * iscsilun->block_size; ++ *pnum = MIN((int64_t) lbasd->num_blocks * iscsilun->block_size, max_bytes); + + if (lbasd->provisioning == SCSI_PROVISIONING_TYPE_DEALLOCATED || + lbasd->provisioning == SCSI_PROVISIONING_TYPE_ANCHORED) { +-- +2.25.1 + diff --git a/user/qemu/MAP_SYNC-fix.patch b/user/qemu/MAP_SYNC-fix.patch new file mode 100644 index 000000000..e13609d73 --- /dev/null +++ b/user/qemu/MAP_SYNC-fix.patch @@ -0,0 +1,22 @@ +diff --git a/util/mmap-alloc.c b/util/mmap-alloc.c +index f7f177d..7598960 100644 +--- a/util/mmap-alloc.c ++++ b/util/mmap-alloc.c +@@ -10,14 +10,16 @@ + * later. See the COPYING file in the top-level directory. + */ + ++#include "qemu/osdep.h" ++ + #ifdef CONFIG_LINUX + #include <linux/mman.h> ++#include <asm-generic/mman.h> /* for ppc64le */ + #else /* !CONFIG_LINUX */ + #define MAP_SYNC 0x0 + #define MAP_SHARED_VALIDATE 0x0 + #endif /* CONFIG_LINUX */ + +-#include "qemu/osdep.h" + #include "qemu/mmap-alloc.h" + #include "qemu/host-utils.h" + diff --git a/user/qemu/fix-sockios-header.patch b/user/qemu/fix-sockios-header.patch deleted file mode 100644 index 1f3cd767c..000000000 --- a/user/qemu/fix-sockios-header.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 43d0562..afa0ac4 100644 ---- a/linux-user/syscall.c -+++ b/linux-user/syscall.c -@@ -59,6 +59,7 @@ int __clone2(int (*fn)(void *), void *child_stack_base, - #include <linux/icmp.h> - #include <linux/icmpv6.h> - #include <linux/errqueue.h> -+#include <linux/sockios.h> - #include <linux/random.h> - #include "qemu-common.h" - #ifdef CONFIG_TIMERFD - #include <sys/timerfd.h> diff --git a/user/qt5-qtbase/APKBUILD b/user/qt5-qtbase/APKBUILD index 18b5b88ad..4cb68524d 100644 --- a/user/qt5-qtbase/APKBUILD +++ b/user/qt5-qtbase/APKBUILD @@ -2,7 +2,7 @@ pkgname=qt5-qtbase _pkgname=qtbase-everywhere-src pkgver=5.12.6 -pkgrel=0 +pkgrel=1 pkgdesc="Cross-platform application and UI framework" url="https://www.qt.io/" arch="all" @@ -27,6 +27,8 @@ source="https://download.qt.io/official_releases/qt/${pkgver%.*}/$pkgver/submodu link-to-execinfo.patch qt-musl-iconv-no-bom.patch time64.patch + CVE-2020-0569.patch + CVE-2020-0570.patch " # secfixes: qt @@ -36,6 +38,9 @@ source="https://download.qt.io/official_releases/qt/${pkgver%.*}/$pkgver/submodu # - CVE-2018-19870 # - CVE-2018-19871 # - CVE-2018-19873 +# 5.12.6-r1: +# - CVE-2020-0569 +# - CVE-2020-0570 _qt5_prefix=/usr/lib/qt5 _qt5_datadir=/usr/share/qt5 @@ -175,4 +180,6 @@ sha512sums="5fb82d903b0db95c23c55785047722dea7979e7f94ecaaf374e0c73b4787aabd768a d00dc607b71a93132f756b952871df9197cfd6d78cc3617544bfa11d7f0eea21ce5dd0d1aeb69dd2702a5694a63d3802accc76499dbf414c01eb56421698cb0c big-endian-scroll-wheel.patch ee78a44e28ba5f728914bfc3d8d5b467896c7de11a02d54b0bce11e40a4338b1f776c1fcc30cbd436df4f548c1ab0b4fe801f01b162ddd5c0f892893e227acfd link-to-execinfo.patch e3982b2df2ab4ba53b7a1329a9eb928eb1fee813c61cf6ac03d3300a767ffb57f019ac0fd89f633cac2330549446ff3d43344871296bf362815e7ebffadefa6b qt-musl-iconv-no-bom.patch -436f0bb7a89a88aa62c7b0398c4e91c325e78542e96f747c903f7e96dbf9d9b693d9688c722f2a74e287fb9ab31e861bd5ed8deb172ed28f56a1b8757663771c time64.patch" +436f0bb7a89a88aa62c7b0398c4e91c325e78542e96f747c903f7e96dbf9d9b693d9688c722f2a74e287fb9ab31e861bd5ed8deb172ed28f56a1b8757663771c time64.patch +ddeb0a59cf0901b38669314fd2f14dffba63c6cbd06a3d864cd329081cc2b10323ec52053a6ffe7baf5ee8a1e137331acfe5d874c03596660630dd151828da56 CVE-2020-0569.patch +b5973799d6dc7c03124b7df5424e5fa84cb81ec3b997e039b84cca21852abaf4ff61780b99c47f1fd6ce64ae61f61b2458ca2929e068644f1973a6f1c53a4d64 CVE-2020-0570.patch" diff --git a/user/qt5-qtbase/CVE-2020-0569.patch b/user/qt5-qtbase/CVE-2020-0569.patch new file mode 100644 index 000000000..fa0efdce3 --- /dev/null +++ b/user/qt5-qtbase/CVE-2020-0569.patch @@ -0,0 +1,29 @@ +From bf131e8d2181b3404f5293546ed390999f760404 Mon Sep 17 00:00:00 2001 +From: Olivier Goffart <ogoffart@woboq.com> +Date: Fri, 8 Nov 2019 11:30:40 +0100 +Subject: Do not load plugin from the $PWD + +I see no reason why this would make sense to look for plugins in the current +directory. And when there are plugins there, it may actually be wrong + +Change-Id: I5f5aa168021fedddafce90effde0d5762cd0c4c5 +Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> +--- + src/corelib/plugin/qpluginloader.cpp | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/corelib/plugin/qpluginloader.cpp b/src/corelib/plugin/qpluginloader.cpp +index cadff4f32b..c2443dbdda 100644 +--- a/src/corelib/plugin/qpluginloader.cpp ++++ b/src/corelib/plugin/qpluginloader.cpp +@@ -305,7 +305,6 @@ static QString locatePlugin(const QString& fileName) + paths.append(fileName.left(slash)); // don't include the '/' + } else { + paths = QCoreApplication::libraryPaths(); +- paths.prepend(QStringLiteral(".")); // search in current dir first + } + + for (const QString &path : qAsConst(paths)) { +-- +cgit v1.2.1 + diff --git a/user/qt5-qtbase/CVE-2020-0570.patch b/user/qt5-qtbase/CVE-2020-0570.patch new file mode 100644 index 000000000..dcf507c0d --- /dev/null +++ b/user/qt5-qtbase/CVE-2020-0570.patch @@ -0,0 +1,55 @@ +From e6f1fde24f77f63fb16b2df239f82a89d2bf05dd Mon Sep 17 00:00:00 2001 +From: Thiago Macieira <thiago.macieira@intel.com> +Date: Fri, 10 Jan 2020 09:26:27 -0800 +Subject: QLibrary/Unix: do not attempt to load a library relative to $PWD + +I added the code in commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d to +find libraries in a haswell/ subdir of the main path, but we only need +to do that transformation if the library is contains at least one +directory seprator. That is, if the user asks to load "lib/foo", then we +should try "lib/haswell/foo" (often, the path prefix will be absolute). + +When the library name the user requested has no directory separators, we +let dlopen() do the transformation for us. Testing on Linux confirms +glibc does so: + +$ LD_DEBUG=libs /lib64/ld-linux-x86-64.so.2 --inhibit-cache ./qml -help |& grep Xcursor + 1972475: find library=libXcursor.so.1 [0]; searching + 1972475: trying file=/usr/lib64/haswell/avx512_1/libXcursor.so.1 + 1972475: trying file=/usr/lib64/haswell/libXcursor.so.1 + 1972475: trying file=/usr/lib64/libXcursor.so.1 + 1972475: calling init: /usr/lib64/libXcursor.so.1 + 1972475: calling fini: /usr/lib64/libXcursor.so.1 [0] + +Fixes: QTBUG-81272 +Change-Id: I596aec77785a4e4e84d5fffd15e89689bb91ffbb +Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> +--- + src/corelib/plugin/qlibrary_unix.cpp | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/corelib/plugin/qlibrary_unix.cpp b/src/corelib/plugin/qlibrary_unix.cpp +index f0de1010d7..135b82cd37 100644 +--- a/src/corelib/plugin/qlibrary_unix.cpp ++++ b/src/corelib/plugin/qlibrary_unix.cpp +@@ -1,7 +1,7 @@ + /**************************************************************************** + ** + ** Copyright (C) 2016 The Qt Company Ltd. +-** Copyright (C) 2018 Intel Corporation ++** Copyright (C) 2020 Intel Corporation + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtCore module of the Qt Toolkit. +@@ -218,6 +218,8 @@ bool QLibraryPrivate::load_sys() + for(int suffix = 0; retry && !pHnd && suffix < suffixes.size(); suffix++) { + if (!prefixes.at(prefix).isEmpty() && name.startsWith(prefixes.at(prefix))) + continue; ++ if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/'))) ++ continue; + if (!suffixes.at(suffix).isEmpty() && name.endsWith(suffixes.at(suffix))) + continue; + if (loadHints & QLibrary::LoadArchiveMemberHint) { +-- +cgit v1.2.1 + diff --git a/user/spice-gtk/APKBUILD b/user/spice-gtk/APKBUILD index c613828bc..5c11142ba 100644 --- a/user/spice-gtk/APKBUILD +++ b/user/spice-gtk/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Max Rees <maxcrees@me.com> pkgname=spice-gtk -pkgver=0.37 +pkgver=0.38 pkgrel=0 pkgdesc="A GTK+ widget for SPICE clients" url="https://www.spice-space.org/" @@ -12,42 +12,38 @@ license="LGPL-2.1+ AND LGPL-2.0+ AND BSD-3-Clause AND MIT AND GPL-3.0+ AND LGPL- depends="gst-plugins-good" depends_dev="gobject-introspection-dev gtk+3.0-dev" makedepends="$depends_dev acl-dev bash cyrus-sasl-dev eudev-dev - gst-plugins-base-dev gstreamer-dev gstreamer-tools json-glib-dev - libjpeg-turbo-dev libusb-dev libxrandr-dev lz4-dev openssl-dev - opus-dev polkit-dev polkit-dev spice-protocol usbredir-dev + gst-plugins-base-dev gstreamer-dev gstreamer-tools gtk-doc + json-glib-dev libjpeg-turbo-dev libucontext-dev libusb-dev + libxrandr-dev lz4-dev meson openssl-dev opus-dev polkit-dev + py3-pyparsing py3-six spice-protocol usbredir-dev usbutils zlib-dev" subpackages="$pkgname-dev $pkgname-doc $pkgname-lang spicy spice-glib:glib" -source="https://www.spice-space.org/download/gtk/$pkgname-$pkgver.tar.bz2" +source="https://www.spice-space.org/download/gtk/$pkgname-$pkgver.tar.xz" build() { + export CFLAGS="$CFLAGS -lucontext" + # Note: pulseaudio support is disabled because it's deprecated. # Audio is still supported through gstreamer. - ./configure \ - --build=$CBUILD \ - --host=$CHOST \ + meson \ --prefix=/usr \ --sysconfdir=/etc \ --mandir=/usr/share/man \ - --with-gtk=3.0 \ - --with-audio=gstreamer \ - --disable-celt051 \ - --disable-werror \ - --enable-lz4 \ - --enable-opus \ - --enable-smartcard=no \ - --enable-usbredir=yes \ - --enable-polkit=yes \ - --enable-pulse=no - make + --localstatedir=/var \ + --buildtype=release \ + -Dcelt051=disabled \ + -Dpulse=disabled \ + . output + ninja -C output } check() { - make check + ninja -C output test } package() { - make -j1 DESTDIR="$pkgdir" install + DESTDIR="$pkgdir" ninja -C output install } spicy() { @@ -66,4 +62,4 @@ glib() { "$subpkgdir"/usr/lib/girepository-1.0/ } -sha512sums="a0a20bc6f25337d86e57fe1fc9586c4cc84457fc8c38cdcc5a728990a69018da0fca3ab5aa63349786b5a7508c82b716c94803eefb3495cffb7df4526db2d029 spice-gtk-0.37.tar.bz2" +sha512sums="27b44ac9f0cee2737ce03bb3f47c62fc0ee2402c291c49fc56cffc4ccb63e2cab001a68ba865a6375d82cb38444408d59c68469783ee4279fa818d8682e902f3 spice-gtk-0.38.tar.xz" diff --git a/user/spice-protocol/APKBUILD b/user/spice-protocol/APKBUILD index e31c8544a..1fb5b5c3c 100644 --- a/user/spice-protocol/APKBUILD +++ b/user/spice-protocol/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=spice-protocol -pkgver=0.14.0 +pkgver=0.14.1 pkgrel=0 pkgdesc="Spice protocol header files" url="https://www.spice-space.org/" @@ -28,4 +28,4 @@ package() { make pkgconfigdir=/usr/lib/pkgconfig DESTDIR="$pkgdir" install } -sha512sums="797df5f529731e9fd395b5946af2490ecf02c26982cc4a0aef24c1766887a35222f68525a996f8bc7459c2c4a25fde0c9a10c489ee6cab6eed7a68a9b5d90f76 spice-protocol-0.14.0.tar.bz2" +sha512sums="88b0e652564a1f826ee6d3c165ab05c40d13f366567db3840805f03d433d13d7f722225219c26759770d2cde33221fe6d97528521d0eb14bc069cd7ce9af8482 spice-protocol-0.14.1.tar.bz2" diff --git a/user/spice/APKBUILD b/user/spice/APKBUILD index ef57a810c..a78551cb6 100644 --- a/user/spice/APKBUILD +++ b/user/spice/APKBUILD @@ -1,7 +1,7 @@ # Contributor: A. Wilcox <awilfox@adelielinux.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=spice -pkgver=0.14.2 +pkgver=0.14.3 pkgrel=0 pkgdesc="Solution for seamless access to virtual machines" url="https://www.spice-space.org/" @@ -39,4 +39,4 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="1093b618ea4a7ff31944429ce2903abecfc8d20c35f2d9c8c837a6e053ee429c0115e40665542637a717869209523ac05d15cdb5e77563102d5d3915e4aaaf76 spice-0.14.2.tar.bz2" +sha512sums="9ecdc455ff25c71ac1fe6c576654b51efbfb860110bd6828065d23f7462d5c5cac772074d1a40f033386258d970b77275b2007bcfdffb23fdff2137154ea46e4 spice-0.14.3.tar.bz2" diff --git a/user/sshfs/APKBUILD b/user/sshfs/APKBUILD index c6fe305e9..d3f1ce3f0 100644 --- a/user/sshfs/APKBUILD +++ b/user/sshfs/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Max Rees <maxcrees@me.com> pkgname=sshfs -pkgver=3.6.0 +pkgver=3.7.0 pkgrel=0 pkgdesc="FUSE client based on the SSH File Transfer Protocol" url="https://github.com/libfuse/sshfs" @@ -9,7 +9,7 @@ arch="all" options="!check" # Requires fuse kernel module to be loaded and local ssh server license="GPL-2.0-only AND GPL-2.0+ AND LGPL-2.1-only" depends="openssh-client" -#checkdepends="py3-pytest cmd:which" +#checkdepends="cmd:which openssh-server openssh-sftp-server py3-pytest" makedepends="fuse3-dev glib-dev meson coreutils py3-docutils" subpackages="$pkgname-doc" source="https://github.com/libfuse/$pkgname/releases/download/$pkgname-$pkgver/$pkgname-$pkgver.tar.xz" @@ -32,6 +32,16 @@ build() { } check() { + # This test requires a running SSH server on localhost, with the + # current user being able to login without a password. Recommended + # procedure: + # + # 1. Setup sshd - make sure sftp subsystem is enabled + # 2. Ensure current user has a SSH key configured in ~/.ssh/config and + # ~/.ssh/authorized_keys + # 3. Test `ssh localhost` + # 4. Run `abuild check` + cd "$builddir"/output python3 -m pytest test/ } @@ -40,4 +50,4 @@ package() { DESTDIR="$pkgdir" ninja -C output install } -sha512sums="fe34d7bbb76bea6aedf96b4ce7500ad6d81230cca9a43b831302159e5926797a243b7d1675d23ba101057ef247f64ad7df18a73d20578e84b9524218d9ff97bd sshfs-3.6.0.tar.xz" +sha512sums="bd8bcd45dd9a5e9686c6fb442e877ffdb592ba0d3424d5dab84a955bfafb17e8666abefba6857467833f5b285842bdadd5a9b6c9e8128ac2e564c36df79aa570 sshfs-3.7.0.tar.xz" diff --git a/user/wireguard-module/APKBUILD b/user/wireguard-module/APKBUILD index 4088a7817..7fac2165c 100644 --- a/user/wireguard-module/APKBUILD +++ b/user/wireguard-module/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Luis Ressel <aranea@aixah.de> # Maintainer: Luis Ressel <aranea@aixah.de> _kver="5.4.5-mc0" -pkgver=0.0.20200121 +pkgver=1.0.20200401 pkgrel=0 _pkgname="wireguard-module" pkgname="$_pkgname-$_kver" @@ -39,4 +39,4 @@ _patch() { "$builddir"/kernel-tree-scripts/create-patch.sh > "$subpkgdir/usr/share/wireguard/wireguard-$pkgver.patch" } -sha512sums="fde9ef09032ad2e2ce69814d42cc0abb3b353d5aa95debd39122b3eb25324c8e707dd9f298f8ee276575d932b1f1bd559b3430da6b8c0a5057911937ed85c726 wireguard-linux-compat-0.0.20200121.tar.xz" +sha512sums="894da609c7102eb1d076a4a7bdaa96c7d5f0d64b4b86fdf01068ac5f4af966652e7ad7f18b1295a7fc4447f53b55a9ec45f1b3f36f0f9df7fb08836dfdff89f0 wireguard-linux-compat-1.0.20200401.tar.xz" diff --git a/user/wireguard-tools/APKBUILD b/user/wireguard-tools/APKBUILD index 5b41e185c..db64e132e 100644 --- a/user/wireguard-tools/APKBUILD +++ b/user/wireguard-tools/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Luis Ressel <aranea@aixah.de> # Maintainer: Luis Ressel <aranea@aixah.de> pkgname=wireguard-tools -pkgver=1.0.20200121 +pkgver=1.0.20200319 pkgrel=0 pkgdesc="Userland tools for the WireGuard VPN" url="https://www.wireguard.com/" @@ -29,4 +29,4 @@ bashcomp() { mv "$pkgdir/usr/share/bash-completion" "$subpkgdir/usr/share/" } -sha512sums="cd22467916c59ab53440e072fee6d0b01f2f9ee06fc3b71de4e74bc3aab05caf25519e5f723d9d160c491f917b7f064ee6b491c74edb52d7d2c29a08d86e41c2 wireguard-tools-1.0.20200121.tar.xz" +sha512sums="d5bcd153f9b10f184b9a1bf9a81f33a9713ab4863ab5aa190eac60e92919756c8fecbb0d3cfb83bae20ac78fc43fdd7168f37294cdd7c5ee21f2a1b2db5fdf41 wireguard-tools-1.0.20200319.tar.xz" diff --git a/user/youtube-dl/APKBUILD b/user/youtube-dl/APKBUILD index ed99fcb7b..424f883b1 100644 --- a/user/youtube-dl/APKBUILD +++ b/user/youtube-dl/APKBUILD @@ -3,7 +3,7 @@ # Contributor: Timo Teräs <timo.teras@iki.fi> # Maintainer: Max Rees <maxcrees@me.com> pkgname=youtube-dl -pkgver=2020.03.08 +pkgver=2020.03.24 pkgrel=0 pkgdesc="Command-line program to download videos from YouTube and many other sites" url="https://youtube-dl.org" @@ -66,5 +66,5 @@ fishcomp() { "$subpkgdir/usr/share/fish/completions/" } -sha512sums="09636e3ec526dbcb043cf61ed4dda5c5c00fac2ecd741bf3cb338ca8de72d1395a95a6189bccced140ca1c37eb3f693332e757ff01eb1a25279b100ccdf39b65 youtube-dl-2020.03.08.tar.gz +sha512sums="421c0ae412977cdf94d079aa7982360ffdfc4271bb7af27a598adbdb8454c2044e5c44ff3a9f339e9b0989c1264223ca83bba6a9151d01052f8f72c076d9e369 youtube-dl-2020.03.24.tar.gz 5760d06e6bbc1eee2c6be2d1f580f86b3cfa5f4bc44a62fb8145ce1cd41352ecf2f65d65d79a2d7f1ec129a34c28a7ec3d0d328c907e743bfcea54c65c71285d tumblr.patch" |